Solved

My system is infected with a virus and I can't seem to clean it up.

Posted on 2007-03-20
9
279 Views
Last Modified: 2013-12-28
One of my NT 4.0 Servers is infected with the w32.spybot.ALRD virus and I can't delete or quaranteen it. I have ran the latest updates and even tried removing it manually from the registry but I have not luck. Any ideas on what I can do to clean this up?
0
Comment
Question by:frankbustos
  • 6
  • 3
9 Comments
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761243
first thing U need to do is to find a barts pe, erd commander or a linux bootable cd
something that will give u access to the harddrive while keeping it inactive so that u can remove the virus.
0
 
LVL 6

Accepted Solution

by:
bgbeer earned 500 total points
ID: 18761273
let me back up a minute!
the first thing I would do is to unplug this server from the network because it is a network aware worm that can and will spread to all other computers on the network.

after that u need to pull the ram and the cmos battery and let it sit for 10 minutes or so to empty all memory.
at that point find yourself a bootable cd that will keep your haddrive inactive while working w/ it.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761309
the other thing u that more than likely will need to be don is to reinstall
0
 

Author Comment

by:frankbustos
ID: 18761414
Hi bgbeer,
   Ok, I will get it off the network then boot it with the ERD commander cd and see if I can delete the virus that way. I will let you know the results tomorrow as i'm off work for the rest of the evening.
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 6

Expert Comment

by:bgbeer
ID: 18761431
frank, after booting to erd commander the first thing I would do is tocheck for running processes.

with erd commander u will have restore points I would use them.
0
 

Author Comment

by:frankbustos
ID: 18761518
bgbeer,

  sounds good, I will do that.
thanks.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761547
no problem

good luck
0
 

Author Comment

by:frankbustos
ID: 18773188
thanks bgbeer,  I was able to clean out the system and get it back to normal.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18777240
glad I could help
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now